shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-27 14:03:43 +03:00
Code

tpm2-util: properly load tpm2 libraries befre unsealing

Browse Source 
We forgot a call to dlopen_tpm2() in the unseal codepaths. As long as
automatic TPM2 device discovery was used that didn't matter, since in
that codepaths we'd have another call dlopen_tpm2(). But with an
explicitly configured TPM2 device things should work too, hence add the
missing call.

Fixes: #19206
This commit is contained in:
Lennart Poettering 2021-04-06 11:46:19 +02:00
parent ff2cf6f8fe
commit 1b30720c1b
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/shared/tpm2-util.c
View File

@ -686,6 +686,10 @@ int tpm2_unseal(
assert(pcr_mask < (UINT32_C(1) << TPM2_PCRS_MAX)); /* Support 24 PCR banks */
r = dlopen_tpm2();
if (r < 0)
return log_error_errno(r, "TPM2 support is not installed.");
/* So here's what we do here: We connect to the TPM2 chip. As we do when sealing we generate a
* "primary" key on the TPM2 chip, with the same parameters as well as a PCR-bound policy
* session. Given we pass the same parameters, this will result in the same "primary" key, and same